Annual poll: single biggest security threat of the year

What will be the single biggest security threat of 2018?

Our annual poll to find out what security professionals think the single biggest security threat of next year will be


Annual poll: single biggest security threat of the year

Show More

For the last couple of years, we’ve straw-polled security professionals to discover what they think the single biggest security threat of the following year will be. This year we heard from 72 security professionals and have summarised the responses below.

What is the format?

Each year we ask security professionals to tell us what they think the single biggest security threat of the following year will be along with a one sentence explanation. This is a totally subjective answer (and many individuals naturally highlight problems that relate to their own solution).

What are the findings?

Out of 72 usable responses we found a strong leaning towards ransomware (11 responses) and employees (12) while IoT (6) and threats to critical infrastructure (5) were also raised by multiple individuals. The responses have been grouped below in the following sections:

  1. Employees (12)
  2. Ransomware (11)
  3. Repeated responses (14)
  4. Other suggestions (35)

How does this compare to results from the last couple of years?

Last year the single biggest threat suggested by security professionals was the Internet of Things with 26 responses, while ransomware – which has probably been the biggest threat of 2017 – was only mentioned twice.

In 2016, 14 of the experts we spoke to suggested employees and this seems to be firmly back on the list for next year.

Results of previous polls can be found here:

What did individuals have to say?

All usable responses are cut down to a single sentence and grouped by theme below. 



Always the people

The reality is that your employees are and almost certainly will always be the biggest threat to cyber security.

Tim Hall, CTO at Blue Logic

The ‘soft underbelly’

Whether they are the negligent executives that fail to implement proper cybersecurity policies, unwitting insiders that fall victim to phishing emails, or naive employees that fail to appropriately patch and update their computers, people remain the soft underbelly that malicious actors will exploit to compromise an organisation.

Steve Lakeman, research team at ThreatConnect

Criminals more professional than the target  

Cyber criminals are more professional, sophisticated and well-organised than ever before, which makes it tough for end-users to properly defend themselves - a ‘patch-work’ approach simply will not suffice, and digital cyber security must be a continuous and on-going process to succeed.

Eric Berdeaux, CEO at OXIAL

​Taken for granted

Technology plays a massive part in our lives today, so much so that we typically take it for granted.

Richard Kennedy, Director of Cloud Services & Infrastructure at Xperience Group

Malicious insider

The biggest cybersecurity threat in 2018 will be the one that catches organisations unaware; the malicious insiders that are even now quietly syphoning off data and secrets from their most secure databases, by taking advantage of a mainframe blind-spot that research shows exists in 84% of global organisations.

John Crossno, Product Manager at Compuware

People are your greatest asset – and vulnerability

As phishing attacks become more sophisticated and socially engineered attacks continue to rise, the real target isn’t infrastructure – it’s the user.

Joe Diamond, Director of Security at Okta

Junior staff often care less

Companies need to be aware of the threat of rogue insiders, particularly when it comes to people in more junior positions with access to sensitive data, who may be disillusioned or less security-savvy than more senior staff.

Andrew Avanessian, COO at Avecto

Insecure user behaviour

The single biggest security threat for 2018 will be the same as it was in 2017 – users – we need to accept that users will continue to behave insecurely, and deploy systems that will protect them by design when they make mistakes.

Fraser Kyne, EMEA CTO at Bromium

The inflection point for insiders

Cybercriminals, like any good business, are looking for the most cost effective model to achieve their goals; 2018 may be the year of an inflection point where it is more cost effective to utilise insiders instead of producing malware, resulting in a dramatic decrease in the amount of malware discovered.

Tim Brown, VP of Security at SolarWinds MSP

End user ignorance

Cyber security is still being treated as an IT issue and yet most of the biggest breaches resulted from some muppet clicking on a phishing email link, plugging a USB in or doing something just plain stupid, so how many companies now run regular cyber threat awareness update sessions for their staff (all staff!)?

John Davies, Director at Pervade Software

Privileged accounts holders

Users with elevated or privileged rights are still the primary target for hackers, and the tendency in recent data breaches shows that once passwords are stolen, organisations struggle to detect harmful actions executed with hijacked accounts - unless they can spot abnormal behaviour of their users.

Csaba Krasznay, Security Evangelist at Balabit

People are the weakest link

People are the weakest link in any organisation’s security chain – if cyber criminals can get through to employees, they are almost certain to be successful in hacking into the organisation.

Martin Ewings, Director of Regional Sales and Specialists Markets UK&I at Experis


Beyond WannaCry and Petya

We expect to see an increased number of ransomware attacks on higher value data, even more damaging than WannaCry and Petya; military institutions and banks could be next on the hit list, as hackers might look to exploit these hugely powerful institutions for even bigger financial benefits.

David Navin, Corporate Security Specialist at Smoothwall

The first house will be held to ransom

Hackers may go as far as locking owners out of their houses – by infiltrating their smart locks – until they pay to get back in.

Jason Hart, CTO of Data Protection at Gemalto

Commodity ransomware

I think commodity ransomware will continue to be the biggest threat in 2018 - almost everyone is a target, and the effects can be devastating.

Chris Doman, Security Researcher at AlienVault

A lucrative revenue stream

Ransomware will continue to be a key threat next year – it’s neither new nor novel but it’s simple to write, has been proven to be effective, and can be an incredibly lucrative avenue for hackers to exploit.

Holly Williams, Penetration Tester at Sec-1

‘Go to’ strategy for criminals

As long as organisations remain vulnerable to attack and slow to recover, it will continue to succeed as a ‘go to’ strategy for cyber criminals.

Gary Watson, Founder and CTO at Nexsan

Beyond “spray and pay”

Ransomware will become more targeted by looking for certain file types and targeting specific companies such as legal, healthcare, and tax preparers rather than “spray and pray” attacks we largely see now.

Brian Baskin from the Threat Analysis Unit (TAU) at Carbon Black

Higher and higher ransoms

Targeted ransomware, because when essential services are targeted specifically, the value of the locked data is huge and the consequences are vast – meaning, the cyber criminals can demand higher and higher ransoms.

Linus Chang, CEO and Founder of Scram Software

Personally identifiable information

GDPR comes into effect next year and has the potential to carry very large fines for companies handling the PII of EU citizens; malicious parties may see this as an easy way to make financial gains by targeting PII in attacks and holding it to ransom.

Thomas Fischer, Global Security Advocate at Digital Guardian

Targeted for impact

Having witnessed the impact of this year’s high-profile ransomware attacks, such as the one that almost brought down the NHS, ransomware will continue to be even more targeted in 2018 as hackers seek top businesses, banks, healthcare institutions and other national-critical organisations to implement even more vindictive, sneaky, and potentially life-threatening attacks –leading to panic if organisations are unable to detect and stop incoming attacks quickly, before damage is done.

Ross Brewer, VP and MD of EMEA at LogRhythm

A targeted ransomware pandemic

In 2017, disruptive ransomware has become the weapon of choice for cyber-criminals due to monetisation which reflects the successful digital transformation of organised crime – as is evident from the nearly daily reports of cyber-attacks in the press, I only see this threat getting worse in 2018.

 Chris Goettl, Manager, Product Management for Security at Ivanti

Linux ideal target

Ransomware will increasingly target Linux systems in an effort to further extort larger enterprises - for example, attackers will increasingly look to conduct SQL injections to infect servers and charge a higher ransom price.

Param Singh from the Threat Analysis Unit (TAU) at Carbon Black



Repeated responses

IoT attacks

Reports already show an increase of 280% in IoT attacks in the first half of 2017 alone, this will increase in 2018 with more and more devices becoming connected.

Patrick Clover, Founder of BLACKBX

The home front

The IoT-connected world that surrounds each and every one of us is getting more complex, sharing more of our data in evermore opaque ways and getting less easy for the average user to understand, let alone to have any hope of controlling a perfect security storm.

Nigel Harrison, CEO at Cyber Security Challenge UK

The unknown rising threat of IoT and botnets

We have already seen what IoT devices can do when pooled together by hackers to conduct a DDoS attack, imagine what will they be able to do when re-provisioned for Web Application, Credential Abuse or over the horizon threats.

Jay Coley, Senior Director of Security Planning and Strategy, EMEA at Akamai Technologies

The interface between the cyber and physical world

Proliferation of Attacks against Internet of Things (IoT) and Operational Technology (OT) such as Industrial Control Systems: These systems are the interface between cyber and the physical world and are poorly secured against attack and successful compromises have life safety implications. 

Chris Day, CSO at Cyxterra  

IoT security is non-existent

The biggest security threat relates to the Internet of Things and it finding growing acceptance - in cars, computers, even scales; but IoT security is non-existent.

Frederik Mennes, Senior Manager of Market & Security Strategy, Security Competence Center at VASCO Data Security

IoT a gateway to businesses

Due to the perfect storm of sprawling supply chains, rampant outsourcing, and the rise of IoT, 2018’s biggest security risk could be Third-party Access Point Attacks or TAP Attacks, in which hackers target businesses via vulnerable suppliers and partners.

Andy Waterhouse, EMEA Pre-Sales Director at RSA Security

Critical infrastructure

The biggest cybersecurity threat in 2018 will be to critical infrastructure — their corporate IT networks as well as operational technology (OT) including devices for industrial control systems (ICS) and supervisory control and data acquisition (SCADA).

Justin Coker, VP EMEA at Skybox Security

“Stealth” hacks on critical infrastructure will require a new approach to security

Sophisticated cyber-attacks will become more unpredictable and take forms we have not seen before.

Salvatore Sinno, Chief Security Architect at Unisys

Ancient national infrastructure

We are likely to see a massive cyberattack on national infrastructure, similar to the attack that brought down the NHS, but this time with hackers targeting CCTV equipment – many of which are open to risk because they sit outside of high security IT and are not regularly updated with firmware.

James Wickes, CEO and Co-Founder at Cloudview

State sponsored actor attacking a major organisation or critical infrastructure

The political landscape is like a tinderbox right now, we just need one wrong tweet from a world leader directed at another, or a wannabe, and it could kick off a cyber war.

Andrew Martin, Founder and CEO at DynaRisk

Phishing for critical infrastructure

2018 will undoubtedly see a big increase in cyberattacks on critical infrastructure worldwide, with phishing continuing to be a key point of entry.

Alan Levine, Security Advisor at Wombat Security Technologies

Spear phishing

Spear phishing (targeted phishing) will become more sophisticated, leveraging or impersonating respected brands and directing unsuspecting users to realistic destinations to harvest credentials and other personal information.

Fabian Libeau, VP EMEA at RiskIQ

Spear phishing attacks

In early 2017, 61% of InfoSec professionals reported experiencing spear phishing attacks, and this year has seen a number of high profile attacks hit the press, from Amber Rudd (responsible for cyber-security in the UK) to Tom Bossert (cyber-security advisor in the US) being affected.

Amy Baker, VP, at Wombat Security Technologies

Shortage of affordable skills
It may feel like a bit of an old chestnut, but a shortage of available and affordable people to fill gaps in cyber security positions at all levels continues to hold back progress – including both potential trainees, and people with experience in the field.

Dr Robert Nowill, Chairman of Cyber Security Challenge UK

Security teams becoming overwhelmed

1 2 Page 1
Page 1 of 2